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The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 14 June 2001 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G, 213. 

Disposition of Claims 

4) ^ Claim(s) 1-51 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-51 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner, 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121 (d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1. 



This written action is responding to the application filed on 06/14/01 . 



2. 



Claims 1-51 are pending. 



Claim Rejections - 35 USC §112 



3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 5, 35, 41 , and 47 recite the limitation "chip interconnection network" in the 
claim language. There is insufficient antecedent basis for this limitation in the claim. 



5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 



of such treaty in the English language. 
6. Claims 1-51 are rejected under 35 U.S.C. 102(e) as being anticipated by Krishna 

et al, US Publication No. 2003/001 4627A1, hereinafter "Krishna". 



Claim Rejections - 35 USC § 102 



7. As per claim 1, Krishna teaches "A method, comprising: a.) Receiving an IP 
packet at a network interface (Para 0033); b.) Examining said IP packet to determine if 
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IPSec processing is necessary (Para 0034-37); c.) Performing IPSec processing on 
said IP packet (Para 0038-42; d.) Transmitting said IP packet after IPSeC processing to 
a storage location (Para 0049-50); and e.) Performing TCP/IP processing on said IP 
packet in said memory location (Para 0043-44); transmitting application data after said 
TCP/IP processing to a system memory (Para 0034)". 

8. As per claim 2, Krishna teaches "The method of claim 1 further comprising, 
examining the inbound IP packet at the network interface" in (Para 0033). 

9. As per claim 3, Krishna teaches "The method of claim 1 further comprising, 
examining the inbound IP packet at an acceleration device" (Para 0028-29). 

10. As per claim 4, Krishna teaches "The method of claim 1 further comprising a 
queue which may receive IP packets awaiting IPSec processing" (Para 0038-39). 

11. As per claims 5, 37, and 47, Krishna teaches "The method of claims 1 , 35, and 
41 further comprising a cryptographic acceleration device for performing IPSeC 
processing on said IP packet requiring IPSeC processing, wherein said IPSeC 
processing does not utilize system memory, the system bus, or the chip interconnection 
network" in (Para 0028, and 0034). 
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12. As per claim 6, Krishna teaches "The method of claim 5 further comprising 
accessing a security policy database necessary for IPSec processing directly from the 
IPSeC Decryption Accelerator, wherein said security policy database may exist in 
hardware, or said security policy database may exist in software" in (Para 0038). 

13. As per claims 7 and 48-49, Krishna teaches "A method as in claims 6 and 41 
wherein a memory location may store overflow information from said security policy 
database" in (Para 0038). 

14. As per claims 8, 19, 43, and 50, Krishna teaches "A method as in claims 1, 16, 
42, and 49, wherein said storage location comprises a Network Offload Memory (NOM)" 
(Para 0028, Local memory 110). 

15. As per claim 9, Krishna teaches "A method as in claim 1 wherein said storage 
location comprises a temporary buffer" (Para 0041). 

16. As per claims 10, 44, and 51, Krishna teaches "A method as in claims 7, 41, and 
49 wherein said memory location comprises a system memory" in (Para 0032, #166). 

17. As per claims 1 1 and 21 , Krishna teaches "A method as in claims 1 and 16 
wherein transmitting said IP packets after IPSeC processing to said memory location 



Application/Control Number: 09/882,428 
Art Unit: 2135 



Page 5 



comprises transmitting said IP packet by Direct Memory Access (DMA)" in (Para 0034, 
#166). 

18. As per claim 12, Krishna "The method of claim 1 further comprising a TCP/IP 
processor or TCP/IP processors accessing said IP packet in said memory location, 
performing TCP/IP processing on said IP packet, and thereafter directing data resulting 
from said TCP/IP processing to a system interface" in (Para 0034). 

19. As per claims 13 and 23, Krishna teaches "A method as in claims 12 and 16 
wherein TCP/IP processing on said IP packet by said TCP/IP processor or TCP/IP 
processors comprises accessing said IP packet by Direct Memory Access" in (Para 
0034, #166). 

20. As per claim 14, Krishna teaches "The method of claim 1 further comprising, 
transferring said data resulting from said TCP/IP processing to a system interface by 
Direct Memory Access (DMA)" in (Para 0032). 

21 . As per claims 15 and 32, Krishna teaches "The method of claims 1 and 16 further 
comprising receiving an IP packet which was transmitted in tunnel mode, or receiving 
an IP packet which was transmitted in transport mode" in (Para 0043). 
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22. As per claim 16, Krishna teaches "A method, comprising: a.) Receiving data from 
the system (Para 0033); b.) Performing TCP/IP processing on said data, creating an IP 
packet (Para 0043-44); c.) Processing said IP packet to determine if IPSec processing 
is necessary and directing said IP packet to an accelerator for IPSeC processing; d.) 
Performing IPSec processing on said IP packet (Para 0038-42); and e.) Transmitting IP 
packets at a network interface (Para 0034)" 



23. As per claim 17, Krishna teaches "The method of claim 16 further comprising a 
system interface for receiving data from said system, which may be a CPU" (Para 
0028). 

24. As per claims18 and 20, Krishna teaches "The method of claims 16 further 
comprising transmitting said data received from said system to a memory location" 
(Para 0032). 

25. As per claim 22, Krishna teaches "The method of claim 16 further comprising a 
TCP/IP processor or TCP/IP processors for performing TCP/IP processing" (Para 0028, 
#108). 
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26. As per claim 24, Krishna teaches "The method of claim 16 further comprising the 
TCP/IP processor or TCP/IP processors checking the IP packet after TCP/IP processing 
to determine if IPSec processing is required on said IP packet" in (Para 0038). 

27. As per claim 25, Krishna teaches "The method of claim 16 further comprising a 
queue, which may receive IP packets awaiting IPSec processing at said accelerator" in 
(Para 0038). 

28. As per claim 26, Krishna teaches "The method of claim 1 5 further comprising 
setting a control bit in a control word for a DMA engine to notify said accelerator that 
said IP packet requires IPSec processing" (Para 0038 and Para 0032, and 0028). 

29. As per claim 27, Krishna teaches "The method of claim 26 further comprising 
said accelerator checking said control bit to determine if IPSeC processing is required 
on said IP packet" in (Para 0071-72, Para 0116, and Table SATC-CL SATC 
Classification Field Cache). 

30. As per claim 28, Krishna teaches "The method of claim 26 further comprising 
said DMA engine checking said control bit lo determine if IPSec processing is required 
on said IP packet" in (Para 0071-72, 0091 , 01 16, and Table SATC-CL SATC 
Classification Field Cache). 
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31 . As per claim 29, Krishna teaches "The method of claim 28 further comprising 
said DMA engine ending only packets which require IPSeC processing to said 
accelerator" in (Para 0071-72, 0091, 0116, and Table SATC-CL SATC Classification 
Field Cache). 

32. As per claim 30, Krishna teaches "The method of claim 28 further comprising 
said DMA engine sending packets which do not require IPSec processing to said 
network interface" (Para 0071-72, Para 0034, 0091 , 01 16, and Table SATC-CL SATC 
Classification Field Cache). 

33. As per claim 31 , Krishna teaches "The method of claim 16 further comprising a 
network interface for receiving said IP packet after IPSec processing, and for said 
network interface receiving IP packets which do not require IPSeC processing" (Para 
0071-72, 0091, 0034, Para 01 16, and Table SATC-CL SATC Classification Field 
Cache). 

34. As per claim 33, Krishna teaches "An apparatus comprising: a.) A network 
interface or network interfaces, said network interface or network interfaces receive and 
send IP-packets (Para 0034); b.) An accelerator or accelerators coupled to said network 
interface or network interfaces, said accelerator or accelerators perform IPSec 
processing on inbound IP packets, and/or perform IPSeC processing on outbound IP 
packets (Figure 1A, 6A, 6B, Para 0028, and 0091); c.) a TCP/IP processor or TCP/IP 
processors coupled to said network interface or network interfaces, said TCP/IP 
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processor or TCP/IP processors perform TCP/IP processing (Para 0042-44, 0027, and 
Figure 1 A); and d.) a system interface or system interfaces coupled to said TCP/IP 
processor or TCP/IP processors, said system interface or system interfaces receives 
and/or sends data from a System CPU (Para 32)". 

35. As per claim 34, Krishna teaches "The apparatus of claim 33 further comprising a 
single device or multiple devices" (Para 0033). 

36. As per claims 35 and 41 , Krishna teaches "An apparatus as in claims 33, wherein 
said apparatus comprises: a.) An inbound network interface, said inbound network 
interface receives inbound IP packets from a network (Para 0033); b.) An accelerator 
coupled to said inbound network interface, said accelerator receives an IP packet from 
said inbound network interface and performs IPSeC processing on said IP packet (Para 
0034-40); c.) a security policy database (SPD) coupled to said accelerator (Para 0038); 
d.) A security association database (SAD) coupled to said accelerator (Para 0038); e.) A 
chip interconnection network coupled to said accelerator (Para 0032-33); a memory 
coupled to said chip interconnection network (Para 0028, and 32-33, #110); g.) A 
TCP/IP processor coupled to said chip interconnection network (Para 0023, #108); and 
h.) A system interlace coupled to said chip interconnection network (Para 0032 and 
Figure 12)". 
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37. As per claim 36, Krishna teaches "An apparatus as in claim 35 wherein said 
inbound network interface comprises an Ethernet interface" (Para 0033). 

38. As per claim 38, Krishna teaches "The apparatus of claim 35 wherein said 
transmission between said accelerator and said memory location is comprised of Direct 
Memory Access (DMA)" (Para 0032, and Figure 1A). 

39. As per claims 39, 45, and 46, Krishna teaches "The apparatus of claims 35, and 
41 wherein said connection between said memory location and said TCP/IP processor 
is comprised of Direct Memory Access (DMA)" in (Para 0028, 32, and Figure 1 A). 

40. As per claims 40 and 42, Krishna teaches "The apparatus of claims 35 and 41 
wherein said connection between said memory location and said system interface is 
comprised of Direct Memory Access (DMA)" in (Figure 1B, and Para 0032). 

Conclusion 

41 . Any inquiry concerning this communication from the examiner should be directed 
to Linh Son whose telephone number is (571 )-27 1-3856. 

42. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor Kim Y. Vu can be reached at (571 )-272-3859. The fax numbers for this 
group are (703)-872-9306 (official fax). Any inquiry of general nature or relating to the 
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status of this application or proceeding should be directed to the group receptionist 
whose telephone number is (571)-272-2100. 

43. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval IPAIR.I system. Status information for 
published applications may be obtained from either Private PMR or Public PMR. Status 
information for unpublished applications is available through Private PMR only. For 
more information about the PAIR system, see http://pzr-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-21 7-9197 (toll-free). 

Linh LD Son /) 



Patent Examiner 
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